Nicole Beebe, Director of the Center for Education and Research in Information at The University of Texas at San Antonio (UTSA), and Daijin Ko, UTSA professor of management science and statistics, have received a $649,172 grant from the U.S. Department of Homeland Security to strengthen insider threat detection.
"The ability to detect threats within an organization and to keep sensitive information from getting into the wrong hands has become vital to national security," Beebe said.
Beebe and Ko's top-tier research will involve building an insider threat detection system to prepare for real-world situations wherein a disgruntled employee or even a corporate spy could abscond with valuable information. However, they're not interested in finding the culprit after an attack has already occurred.
"The goal is to be able to detect an insider threat before that person commits their crimes," Ko said. "Traditionally, you can look for a change in behavior. For example, this person will start storing up large sums of data on their computer."
Most organizations have protocols to detect that kind of incident, but there are several other factors that could signal an information breach that are often overlooked. To close this gap, Beebe and Ko will detect digital forensic traces that can be used to signal a possible insider threat.
"We'll search for an abnormal pattern," said Ko. "Essentially, we're watching for an outlier based on how long they're using the computer, when they are using it and how they are using it, among other variables."
Paul Rivera, President and CEO of Def-Logix, will help the pair develop a software system that can quickly analyze vast amounts of data and identify a threat based on how they use their work computers.
The manual process of sifting through these virtual behaviors would be a lot like looking for a needle in a haystack, and the software will make it possible to quickly find an outlier among mountains of arbitrary data.
The researchers hope that the new technology will not just prevent corporate espionage, but also make it possible to detect breaches, like the ones committed by Chelsea Manning and Edward Snowden, before they occur.
"This could have a widespread beneficial impact for so many different organizations, public and private," Beebe said. "These recent leaks have proved that we need to rise to this new challenge, and that's exactly what we're doing."